ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://cdn.zendesk.com/updates.rss.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1152608
IOC: http://cdn.zendesk.com/updates.rss
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
ASN:AS16509 AMAZON-02
Country:- US
First seen:2023-08-29 10:09:42 UTC
Last seen:never
UUID:2c02c282-4654-11ee-9416-42010aa4000a
Reporter drb_ra
Reward 5 credits from ThreatFox
Tags:CobaltStrike cs-watermark-100000 HOSTINGDUNYAM HOSTING DUNYAM

Avatar
drb_ra
Cobalt Strike Server Found
C2: HTTP @ 213[.]142[.]159[.]117:80
C2 Server: cdn[.]zendesk[.]com,/updates[.]rss,cdn[.]yougov[.]com,/ga[.]js,cdn[.]az[.]gov,/dot[.]gif,cdn[.]ons[.]gov[.]uk,/cx,static[.]tumblr[.]com,/visit[.]js,images[.]instagram[.]com,/activity
POST URI: /submit[.]php
Country: Turkey
ASN: HOSTINGDUNYAM HOSTING DUNYAM
Host Header: d24tgyiz1j2beu[.]cloudfront[.]net